| 两侧同时换到之前的修订记录前一修订版后一修订版 | 前一修订版 |
| it:server:保护 [2022-08-27 20:55] – goldentianya | it:server:保护 [2022-08-29 19:03] (当前版本) – [保护VPS] goldentianya |
|---|
| <code> | <code> |
| sudo grep "Failed password for invalid user" /var/log/auth.log | awk '{print $13}' | sort | uniq -c | sort -nr | more | sudo grep "Failed password for invalid user" /var/log/auth.log | awk '{print $13}' | sort | uniq -c | sort -nr | more |
| | </code> |
| | |
| | 3. 统计以root或者其它用户登录的次数 |
| | <code> |
| | sudo grep "Failed password for root" /var/log/auth.log | wc -l |
| | sudo grep "Failed password for invalid user" /var/log/auth.log | wc -l |
| </code> | </code> |
| |
| * <color #ff7f27>''%%sudo systemctl restart sshd%%''</color> | * <color #ff7f27>''%%sudo systemctl restart sshd%%''</color> |
| * <color #ff7f27>''%%sudo service ssh restart%%''</color> | * <color #ff7f27>''%%sudo service ssh restart%%''</color> |
| | |
| | <code> |
| | // 统计以 root 用户尝试登录到数量 |
| | sudo grep "Failed password for root" /var/log/auth.log | wc -l |
| | // 统计以其它用户试登录到数量 |
| | sudo grep "Failed password for invalid user" /var/log/auth.log | wc -l |
| | </code> |
| |
| <code> | <code> |
| 安装 fail2ban 防止攻击 <color #ff7f27>''%%sudo apt-get install fail2ban%%''</color> (([[https://linux.cn/article-5067-1.html|为ssh服务器配置fail2ban]])) | 安装 fail2ban 防止攻击 <color #ff7f27>''%%sudo apt-get install fail2ban%%''</color> (([[https://linux.cn/article-5067-1.html|为ssh服务器配置fail2ban]])) |
| |
| 检查状态 sudo iptables --list -n\\ | 检查状态 <color #ff7f27>''%%sudo iptables --list -n%%''</color>\\ |
| 解锁ssh fail2ban-client set sshd unbanip <ip>\\ | 解锁ssh fail2ban-client set sshd unbanip <ip>\\ |
| 或者更改 /etc/fail2ban/jail.conf 文件,为某些IP设置白名单。 | 或者更改 /etc/fail2ban/jail.conf 文件,为某些IP设置白名单。 |
